<?php
/**
 * User of the rs
 *
 * @author dll_hell_2
 */
class user {
    public static $admin = 3;
    public static $editor = 2;
    public static $user = 1;
    /**
     *
     * @var int $id Id of the user
     */
    protected $id;
    /**
     *
     * @var string $login Login of the user
     */
    protected $login;
    /**
     *
     * @var  bool $state State of the user: valid/not valid
     */
    protected $state;
    protected $name;
    protected $email;
    /**
     *
     * @var int $rights 1: user, 2: editor, 3: admin
     */
    protected $rights; 
    
    public function addToDatabase()
    {
        //array of new values
    }
    
    /**
     *
     * @param int $id Id of the user
     * @return bool true if user exists in database and is valid, false otherwise
     */
    public function __construct($id=null) {
        if(!isset($id))
            return ;
        $conn = new dbConnection();
        $sql_query = "SELECT * FROM authors WHERE id like '$id'";
        $sql_result = $conn->db_query($sql_query);
        if(mysql_num_rows($sql_result) == 1)
        {
            $row = mysql_fetch_array($sql_result);
            $this->id = $row['id'];
            $this->login = $row['login'];
            $this->state = $row['state'];
            $this->name = $row['name'];
            $this->email = $row['email'];
            $this->rights = $row['rights'];                        
        }else
        {
            throw new Exception(sprintf("Uzivatel s id '%s' nenalezen!",$id));
        }
    }
    /**
     *Sets the user with $user_name and $password as active user for the session
     * @param string $user_name
     * @param string $password
     * @return bool True if user with $user_name and $password is in database and is valid,
     * False otherwise
     */
    public function login($user_name, $password)
    {
        
        $conn = new dbConnection();
        $sql_query = sprintf("SELECT * FROM authors
                WHERE login = '%s'
                    AND password = '%s'
                    AND state = true",
                mysql_real_escape_string($user_name),
                md5($password));       
        
        $sql_result = $conn->db_query($sql_query);
        if(mysql_num_rows($sql_result) == 1)
        {
            $row = mysql_fetch_array($sql_result);
            $this->id = $row['id'];
            $this->login = $row['login'];
            $this->state = $row['state'];
            $this->name = $row['name'];
            $this->email = $row['email'];
            $this->rights = $row['rights'];
            $_SESSION['user'] = $this;            
        }
        else
        {
            throw new Exception('login failed!');
        }
    }
    /**
     *Validates logged user.
     * If user state or privileges have been changed,loggs user out.
     * Else updates user informations.
     * @return bool True if users rights and state haven't been changed,
     * false otherwise.
     */
    
    public function validate()
    {
        //zjistit, jestli jsou informace stejne jako v databazi        
        $conn = new dbConnection();
        $sql_query = sprintf("SELECT * FROM authors
                WHERE id = '%s'",
                mysql_real_escape_string($this->id));  
        $sql_result = $conn->db_query($sql_query);
        if(mysql_num_rows($sql_result) != 1)
        {            
            unset($_SESSION['user']);
            throw new Exception('uzivatel neni v databazi!');
        }
        $row = mysql_fetch_array($sql_result);        
        if(($this->rights >= $row['rights']) && ($this->state == $row['state']))
        {
            $this->rights = $row['rights'];
            $this->name = $row['name'];
            $this->email = $row['email'];            
        }else
        {
            unset($_SESSION['user']);
            throw new Exception('prosle zaznamy o uzivateli!');
        }    
                
            
    }
    /**
     *Updates users record in database
     * @param string $password
     * @param string $name
     * @param string $email
     * @param int $rigths
     * @param int $state
     */
    public function updateInfo($password, $name, $email, $rigths, $state)
    {
        if($password != null ||
                $name != null || 
                $email != null ||
                $rigths !=null ||
                $state != null)
        {
            $conn = new dbConnection();
            $sql_query = "UPDATE authors SET ";
            $delimiter="";
            if(isset($password))
            {
                $sql_query .= "password='".md5($password)."' ";
                $delimiter = ",";
            }
            if(isset($name))
            {
                 $sql_query.= $delimiter;
                 $sql_query .= "name='$name' ";
                 $delimiter = ",";
            }
            if(isset($email))
            {
                 $sql_query.= $delimiter;
                 $sql_query .= "email='$email' ";
                 $delimiter = ",";
            }
            if(isset($rigths))
            {
                $sql_query.= $delimiter;
                 $sql_query .= "rights='$rigths' ";
                 $delimiter = ",";
            }
            if(isset($state))
            {
                $sql_query.= $delimiter;
                 $sql_query .= "state='$state' ";                 
            }
            $sql_query .="WHERE id='".$this->getId()."'";
            
            $conn->db_query($sql_query);            
        }
        
    }
}


?>
